logo

CoreWeave

Senior Security Engineer, PKI & Secrets

Department
Engineering
Job Type / Location
Livingston, CA
Experience Required
5+ years
Posted On

CoreWeave is The Essential Cloud for AI™. Built for pioneers by pioneers, CoreWeave delivers a platform of technology, tools, and teams that enables innovators to build and scale AI with confidence. Trusted by leading AI labs, startups, and global enterprises, CoreWeave combines superior infrastructure performance with deep technical expertise to accelerate breakthroughs and turn compute into capability. Founded in 2017, CoreWeave became a publicly traded company (Nasdaq: CRWV) in March 2025. Learn more at www.coreweave.com .

What You'll Do:

The Security Foundations organization at CoreWeave keeps CoreWeave Cloud secure by design, from data centers and GPU fleets to the platform layers powering our customers' AI workloads. The PKI & Secrets team owns the cryptographic infrastructure underpinning the confidentiality, integrity, and authenticity of CoreWeave's data and systems: PKI, secrets management, HSMs, key management, and code signing.

We partner with teams across the company to deliver cryptographic services that are secure, reliable, and easy to use at scale.

About the Role:

As a Senior Security Engineer on the PKI & Secrets team, you will shape how CoreWeave manages cryptographic infrastructure across its global fleet. You'll design and operate PKI hierarchies, secrets management platforms, HSM infrastructure, and key management systems; working hands-on with engineering teams to integrate these capabilities into their services and workflows.

In this role, you will:

  • Contribute to the design, implementation, and operation of CoreWeave's PKI infrastructure, including CA hierarchies, issuance policies, certificate lifecycle management, and trust distribution across Kubernetes clusters and bare-metal hosts.
  • Manage and evolve secrets management platforms, including access policies, secret lifecycle governance, and integration patterns using External Secrets Operator and cert-manager.
  • Operate and scale HSM infrastructure, including PKCS#11 integration, key ceremony procedures, and high-availability designs backing our certificate authorities and signing services.
  • Contribute to the design of key management and data encryption solutions for internal and customer-facing use cases, including envelope encryption and KMS API design.
  • Deliver PKI-based solutions supporting workload identity, mutual TLS, and hardware attestation.
  • Maintain and extend code signing infrastructure for firmware images, UEFI binaries, container images, and application binaries.
  • Develop and enforce cryptographic best practices and policies, and contribute to post-quantum cryptography readiness.

Who You Are:

  • (5)+ years of experience in security engineering or infrastructure engineering.
  • Strong understanding of PKI concepts including CA hierarchies, certificate profiles, issuance polici

View Assessment Process

Think you'll be a good fit?